Decrypting GPG/PGP email messages

[Alessandro Bottoni]

I know you will shake you head sadly but... I really have to perform such a
suicidal task (even if for a short time and just for internal use).

I have to send by email (over the open internet) a XML file containing
_system commands_ (yes: the kind of stuff like "rm -dfr /") to a server and
have a Python program sitting on this server, fetching and parsing the
e-mail message and executing the commands (maybe with _root privileges_).

Of course, I want to be sure that only the allowed people is able to send
such dangerous messages to my server so I will ask my users to encrypt and
digitally sign their messages using Thunderbird, Enigmail and GPG as
described in this very fine tutorial:

http://goldenspud.com/webrog/archives/2005/03/10/encrypt-encrypt/

So far, so good, but I still have a couple of doubts about the server side:

1) What would you use to decrypt the messages? The GPG module created by
Andrew Kuchling is declared "incomplete" and "no more maintained" on his
web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the
game. Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any
other module?

2) I did not find any mention of _encrypted attachments_ on the Net. Does
anybody know of a tutorial or a guide that explains how to encrypt (with
Thunderbird/Enigmail) and decrypt (with Python) the (ANSI text) files
attached to a email message?

TIA

 

[Paul Rubin]

1) What would you use to decrypt the messages? The GPG module created by
Andrew Kuchling is declared "incomplete" and "no more maintained" on his
web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the
game.

I think I'd just run gpg as an external command. I've done that from
perl scripts and it's pretty simple.

Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any
other module?

Oh hey, I didn't know about that, I'll have to look at it. I started
writing something similar a long time ago and got as far as being able
to decrypt straightforward messages, and have been meaning to get back
to it. But it's great if someone else is doing it more seriously.q

2) I did not find any mention of _encrypted attachments_ on the Net. Does
anybody know of a tutorial or a guide that explains how to encrypt (with
Thunderbird/Enigmail) and decrypt (with Python) the (ANSI text) files
attached to a email message?

PGP/GPG have their own base64 encoding called "ascii armor" in PGP
lingo. This stuff predates widespread use of MIME and traditionally,
PGP messages are sent as ascii armored plain text, not attachments.
You'd just send messages like:

From: alice
To: bob
Subject: encrypted message

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.1 (GNU/Linux)

jA0EAwMC+QyBtnf2kVxgyUgkWXDwnHHu6GR8xYJ4GuorEo8t9BHfExmcwCyUok/z
wZsmoCCdulYjLnAjgU0WZRhe7woCrgy14pzc7PSOhqRPEG1IFJqeZuM=
=5l/P
-----END PGP MESSAGE-----

Note the complete absence of mime headers and separators. As far as
the mail agents are concerned, the message is just text.

I'm not sure how the Thunderbird/Enigmail plugins work.

 

[Benjamin Niemann]

<posted & mailed>

I know you will shake you head sadly but... I really have to perform such
a suicidal task (even if for a short time and just for internal use).

I have to send by email (over the open internet) a XML file containing
_system commands_ (yes: the kind of stuff like "rm -dfr /") to a server
and have a Python program sitting on this server, fetching and parsing the
e-mail message and executing the commands (maybe with _root privileges_).

Of course, I want to be sure that only the allowed people is able to send
such dangerous messages to my server so I will ask my users to encrypt and
digitally sign their messages using Thunderbird, Enigmail and GPG as
described in this very fine tutorial:

http://goldenspud.com/webrog/archives/2005/03/10/encrypt-encrypt/

So far, so good, but I still have a couple of doubts about the server
side:

1) What would you use to decrypt the messages? The GPG module created by
Andrew Kuchling is declared "incomplete" and "no more maintained" on his
web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the
game. Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any
other module?

What about using the command line program via os.pipeX("gpg...")?
I've done it this way when I needed to _create_ encrypted mail attachments
using python (you'll need different gpg options for decrypting):

pipe_in, pipe_out = os.popen2("/usr/bin/gpg -q -r KEYID -s"
"--passphrase-fd 0 --batch --no-tty -a -o - -e '%s'"
% path_to_temporary_file)
pipe_in.write("passphrase")
pipe_in.close()

# read encrypted file from pipe_out
pipe_out.close()

2) I did not find any mention of _encrypted attachments_ on the Net. Does
anybody know of a tutorial or a guide that explains how to encrypt (with
Thunderbird/Enigmail) and decrypt (with Python) the (ANSI text) files
attached to a email message?

I can't help you with Thunderbird. In the worst case, you'll have to encrypt
your command file manually and attach the encrypted version to your mail.
KMail does have checkboxes for encrypt/sign every attachment separately...

 

[Piet van Oostrum]

AB> Of course, I want to be sure that only the allowed people is able to send
AB> such dangerous messages to my server so I will ask my users to encrypt and
AB> digitally sign their messages using Thunderbird, Enigmail and GPG ...

What benefit is there in encrypting the messages? It would only prevent
people intercepting the message from seeing what's inside, but it won't
give you any additional protection on the server.

And if somebody can intercept the messages there is a much bigger danger:
They could save the message and replay it later. You can't protect against
this with encryption (well, with encryption they won't know what they
are doing). Neither with a digital signature. Only checking timestamps,
keeping track of the messages received and/or a challenge/response system
will help in this case.

AB> 1) What would you use to decrypt the messages? The GPG module created by
AB> Andrew Kuchling is declared "incomplete" and "no more maintained" on his
AB> web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the
AB> game. Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any
AB> other module?

If you only sign, it will be sufficient, but there is a more complete one
(including decryption) in
http://trac.t7a.org/isconf/file/trunk/lib/python/isconf/GPG.py

 

[Piet van Oostrum]

AB> Of course, I want to be sure that only the allowed people is able to send
AB> such dangerous messages to my server so I will ask my users to encrypt and
AB> digitally sign their messages using Thunderbird, Enigmail and GPG ...

What benefit is there in encrypting the messages? It would only prevent
people intercepting the message from seeing what's inside, but it won't
give you any additional protection on the server.

And if somebody can intercept the messages there is a much bigger danger:
They could save the message and replay it later. You can't protect against
this with encryption (well, with encryption they won't know what they
are doing). Neither with a digital signature. Only checking timestamps,
keeping track of the messages received and/or a challenge/response system
will help in this case.

AB> 1) What would you use to decrypt the messages? The GPG module created by
AB> Andrew Kuchling is declared "incomplete" and "no more maintained" on his
AB> web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the
AB> game. Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any
AB> other module?

If you only sign, it will be sufficient, but there is a more complete one
(including decryption) in
http://trac.t7a.org/isconf/file/trunk/lib/python/isconf/GPG.py

 

[Piet van Oostrum]

AB> Of course, I want to be sure that only the allowed people is able to send
AB> such dangerous messages to my server so I will ask my users to encrypt and
AB> digitally sign their messages using Thunderbird, Enigmail and GPG ...

What benefit is there in encrypting the messages? It would only prevent
people intercepting the message from seeing what's inside, but it won't
give you any additional protection on the server.

And if somebody can intercept the messages there is a much bigger danger:
They could save the message and replay it later. You can't protect against
this with encryption (well, with encryption they won't know what they
are doing). Neither with a digital signature. Only checking timestamps,
keeping track of the messages received and/or a challenge/response system
will help in this case.

AB> 1) What would you use to decrypt the messages? The GPG module created by
AB> Andrew Kuchling is declared "incomplete" and "no more maintained" on his
AB> web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the
AB> game. Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any
AB> other module?

If you only sign, it will be sufficient, but there is a more complete one
(including decryption) in
http://trac.t7a.org/isconf/file/trunk/lib/python/isconf/GPG.py

 

[Piet van Oostrum]

PR> PGP/GPG have their own base64 encoding called "ascii armor" in PGP
PR> lingo. This stuff predates widespread use of MIME and traditionally,
PR> PGP messages are sent as ascii armored plain text, not attachments.

Most PGP/GPG message I have received recently where Mime encoded in
PGP/MIME (RFC 3156). Thunderbird/Enigmail can use PGP/MIME it says.
Theoretically you can encrypt parts of the message, e.g. only an
attachment, but I wouldn't know if Enigmail can do that.

 

[=?iso-8859-1?Q?Fran=E7ois?= Pinard]

[Piet van Oostrum]

What benefit is there in encrypting the messages? It would only
prevent people intercepting the message from seeing what's inside, but
it won't give you any additional protection on the server.

Whenever a message contains sensitive information, it is a good idea to
crypt it. Humans, and not only computers, may be harmful! There
are cases where information may not leak, when it vehicles private
information about people. Companies also have industrial secrets. The
mere fact that two people are communicating is often a secret in itself.

And if somebody can intercept the messages there is a much bigger danger:
They could save the message and replay it later. You can't protect against
this with encryption (well, with encryption they won't know what they
are doing). Neither with a digital signature.

Protection against replay is easily guaranteed by sequencing requests,
that is, including a sequence number within the message, each originator
his sequence. A digital signature prevents someone from tampering with
the sequence number without being detected.

 

[Piet van Oostrum]

FP> Protection against replay is easily guaranteed by sequencing requests,
FP> that is, including a sequence number within the message, each originator
FP> his sequence. A digital signature prevents someone from tampering with
FP> the sequence number without being detected.

Of course. But with the originators manually sending the requests by email
(at least that's how I understood it), this may be a nuisance.

 

[Alessandro Bottoni]

What benefit is there in encrypting the messages? It would only prevent
people intercepting the message from seeing what's inside, but it won't
give you any additional protection on the server.

You are right. Bad guys can still try to send garbage to my system and, with
some luck, can mess everything up. After reading your message I decided to
add some more control over what the remote user can do and how he can reach
the server:
- a list of allowed users (based on e-mail identity plus OTP, see below)
- a list of allowed commands (still with root-level ones, I'm afraid)
- chroot for the most dangerous commands, when possible
It is still dangerous but, frankly, I could not do any better.

And if somebody can intercept the messages there is a much bigger danger:
They could save the message and replay it later. You can't protect against
this with encryption (well, with encryption they won't know what they
are doing). Neither with a digital signature. Only checking timestamps,
keeping track of the messages received and/or a challenge/response system
will help in this case.

You are right again. As a consequence, I decided to add a one-time-password
to the encrypted message, in order to be sure of the sender identity and of
the uniqueness of the message (the OTP works as a sequence item identifier,
as well).

I'm going to use my own implementation of OTP because the existing mechanism
are devoted to protect the remote login channel and cannot be easily
adapted to my weird e-mail-based mechanism. Anyway, I'm going to use a
(encrypted) very long pseudo-random alpha-numeric sequence as a OTP so it
should be quite safe.

If you only sign, it will be sufficient, but there is a more complete one
(including decryption) in
http://trac.t7a.org/isconf/file/trunk/lib/python/isconf/GPG.py

Thanks for this info. I'm studying it.

 

[Paul Rubin]

I'm going to use my own implementation of OTP because the existing
mechanism are devoted to protect the remote login channel and cannot
be easily adapted to my weird e-mail-based mechanism. Anyway, I'm
going to use a (encrypted) very long pseudo-random alpha-numeric
sequence as a OTP so it should be quite safe.

Be very careful. You have to really know what you're doing to have
any chance of implementing something like this securely. See the book
"Practical Cryptography" by Schneier and Ferguson. You're much better
off using GPG/PGP if you can.